Security vendors fix flaw in Samsung phones screen lock

Two security vendors have released temporary fixes for a flaw in some Samsung Android phones that could allow an attacker to bypass a locked screen.

The problem comes from Samsung's implementation of the emergency call feature, which allows people to dial emergency services or reveals a contact people can dial if they find someone's phone, said David Richardson, a product manager at Lookout Mobile Security.

Samsung configured the emergency call function in such a way that it appears to briefly unlock the phone, Richardson said.

The flaw is serious since it means anyone who lost their phone is at risk of having their phone's data accessed. The number of devices affected isn't known, but Richardson said Lookout found it affects the Galaxy S III, the S3 Mini and Note II running Samsung's implementation of Android Jelly Bean.

Related glitches reported

There appear to be a few variations of the flaw, which was first reported earlier this month by Terence Eden, a developer community manager based in the U.K. with InMobi, a mobile advertising agency.

Eden wrote of another flaw he found last week. In a demonstration using a Galaxy Note II running Android 4.1.2, Eden quickly fiddles with the emergency call function and eventually downloads an application from Google's Play store that removes the locking function on the phone.

"This is a very tricky procedure," Eden said.

Richardson said the most severe variation can allow persistent access to the device until the phone is rebooted. Samsung has not patched the issue yet.

When Samsung issues a patch, Richardson said Lookout can disable its fix. Samsung officials could not be immediately reached for comment.

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.